Private Virtual Servers

Xicon's VMware platform enables you to quickly provision and easily configure Private Virtual Servers (PVS) which you can customise with the exact specification and software installations for the needs of your business right now. Xicon supplements this PaaS with a full suite of managed services.

Features

Provision your servers quickly

Choose the server specification to meet your needs

Easy to clone

Build from templates

Hosted on a VMware or Hyper-V platform

Hosted in a UK data centre

Replicated to a 2nd UK data centre

Easy to scale up and out

Priced on clearly defined metrics

Long term archive and retention opitons available

Benefits

No need to purchase dedicated server hardware again

Inherently address the issues of scalability, availability and disaster recovery

Users can recover backups themselves, for example through a web interface

Users contact the support team

Data-in-transit protection

Data-in-transit protection

Data protection between buyer and supplier networks

Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Bonded fibre optic connections

Legacy SSL and TLS (under version 1.2)

Data protection within supplier network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience

Guaranteed availability

Guaranteed 99.95% uptime (Uptime being the availability from the Data Centre switch interface to the Hosted Equipment to the Company POP network connection and onward over the Internet.)

The Customer will be entitled to an account credit for one days service for every hour the service availability fails to meet the 99.95% Uptime .

Approach to resilience

Xicon's Cloud platform is hosted across two data centres in the UK that are configured in a highly resilient architecture meaning that the failure of any component will not adversely affect the availability of services. This architecture means that business continuity and disaster recovery requirements are addressed.

The data centres have world class security services to protect equipment from threats and hold all of the accreditations that we require as part of our ISO27001:2013 accreditation.

Further details are available on request

Outage reporting

All components of the service are monitored by SolarWinds monitoring software which is set up and managed by Xicon technical engineers. Alerts are texted to Xicon engineers (P1) and emailed to Xicon service desk (P2 and P3). Proactive monitoring of alerts (including text alerts for P1 incidents) is undertaken 24*7. Customer notification as necessary to ensure guaranteed uptime is achieved.

Identity and authentication

Identity and authentication

User authentication

2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password

Access restrictions in management interfaces and support channels

Processes are fully documented as part of ISO 27001/2013 accreditation and audited annually to ensure compliance

Access restriction testing frequency

At least every 6 months

Management access authentication

2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password

Devices users manage the service through

Dedicated device on a segregated network (providers own provision)

Dedicated device on a government network (for example PSN)

Dedicated device over multiple services or networks

Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users

Access to user activity audit information

Users contact the support team to get audit information

How long user audit data is stored for

User-defined

Access to supplier activity audit information

Users contact the support team to get audit information

How long supplier audit data is stored for

User-defined

How long system logs are stored for

User-defined

Standards and certifications

Standards and certifications

ISO/IEC 27001 certification

Yes

Who accredited the ISO/IEC 27001

NQA

ISO/IEC 27001 accreditation date

1/2/2017

What the ISO/IEC 27001 doesn’t cover

Nothing

ISO 28000:2007 certification

No

CSA STAR certification

No

PCI certification

No

Other security accreditations

Yes

Any other security accreditations

IGSoC

Security governance

Security governance

Named board-level person responsible for service security

Yes

Security governance accreditation

Yes

Security governance standards

ISO/IEC 27001

Information security policies and processes

ISO27001/2013 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Xicon has adopted ISO27001/2013 and therefore is formally audited and certified compliant with the standard annually. The standard ensures that we;

Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and

Adopt an overarching management process to ensure that the information security controls continue to meet Xicon’s information security needs on an ongoing basis.

Operational security

Xicon's Configuration and change management approach is fully documented in accordance with the requirements and standards of ISO27001/2013 . Xicon is independently audited annually to ensure compliance at all times.

Xicon's staff are exposed to the potential threats to the service as part of our ISO27001:2013 Information Management and Security Management Procedures. Policies are defined which include the review of and release of patches which are managed by Xicon platform maintenance system provided by Solarwinds. This software contains detailed release information for all of the software patches made available by the major software vendors allowing Xicon to selectively release and apply patches based on category.

Potential compromises are identified by the Solarwinds monitoring software and alerts are generated to the Xicon service desk by email and to Xicon engineers by text (depending on severity)P1 alerts are responded to within 15 minutes P2 alerts are responded to within 3.25 hours P3 alerts are responded to within 47.25 elapsed hours

Incident management process is fully documented as part of Xicon's ISO27001/2013 accreditation. This is independently audited annually to ensure compliance. Further details are available on request.Incidents can be reported by users:1) By telephone to Xicon's dedicated 24*7 helpline2) By logging the incident in Xicon's service desk

Major Incident Reports are compiled by Xicon's Commercial Manager and sent to affected customer's nominated representative

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Yes

Who implements virtualisation

Supplier

Virtualisation technologies used

VMware

How shared infrastructure is kept separate

Infrastructure is separated and managed by CESG assured components and VLANs.

Energy efficiency

Energy efficiency

Energy-efficient datacentres

Yes

Pricing

Pricing

Price

£45.00 per server per month

Discount for educational organisations

Yes

Free trial available

Yes

Description of free trial

The free trial version contains all components of the contracted version . The period of the free trial is by agreement to ensure that it is sufficient time for a proposed purchaser to be satisfied that the service is suitable for their needs.